CVE-2015-8961

The ext4journalstop function in fs/ext4/ext4jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service use-after-free by leveraging improper access to a certain error field...

CVE-2016-7910

Use-after-free vulnerability in the diskseqfstop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed...

CVE-2016-5195

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write COW feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."...

CVE-2016-7911

Race condition in the gettaskioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service use-after-free via a crafted ioprioget system call...

CVE-2016-6734

An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which...

CVE-2016-6730

An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which...

CVE-2016-6732

An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which...

CVE-2016-6736

An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which...

dirtyc0w

A race condition in the Linux kernel's handling of copy-on-write COW operations means that users can gain write access to otherwise read-only areas of memory and gain permissions...

CVE-2016-3927

Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823244...

CVE-2016-7117

Use-after-free vulnerability in the sysrecvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing...

CVE-2016-3926

Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5, 5X, 6, and 6P devices has unknown impact and attack vectors, aka internal bug 28823953...

CVE-2016-0758

Integer overflow in lib/asn1decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data...

CVE-2016-3928

The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 30019362 and MediaTek internal bug ALPS02829384...

CVE-2014-9529

Race condition in the keygcunusedkeys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service memory corruption or panic or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during...

CVE-2013-7446

Use-after-free vulnerability in net/unix/afunix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AFUNIX socket permissions or cause a denial of service panic via crafted epollctl calls...

CVE-2016-3862

media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 does not properly interact with the use of static variables in libjheadjni, which allows remote attackers to execute arbitrary code or cause a denial of service...

CVE-2016-3134

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service heap memory corruption via an IPTSOSETREPLACE setsockopt call...

CVE-2016-3861

LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of...

CVE-2016-3951

Double free vulnerability in drivers/net/usb/cdcncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service system crash or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor...

CVE-2016-4470

The keyrejectandlink function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service system crash via vectors involving a crafted keyctl request2 command...

CVE-2016-5340

The isashmemfile function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center QuIC Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem...

CVE-2016-3840

Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153...

CVE-2016-3841

The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service use-after-free and system crash via a crafted sendmsg system call...

CVE-2014-9902

Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 2013 devices allows remote attackers to execute arbitrary code via a crafted Information Element IE in an 802.11 management frame, aka Android internal bug 28668638 and...

CVE-2014-9863

Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 2013 devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470...

CVE-2016-3821

libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service NULL pointer dereference or memory corruption via a craft...

CVE-2016-3857

The kernel in Android before 2016-08-05 on Nexus 7 2013 devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518...

CVE-2016-3842

The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm internal bug CR1002974...

CVE-2016-2504

The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 2013 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974...

CVE-2016-3819

Integer overflow in codecs/on2/h264dec/source/h264bsddpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted...

CVE-2015-2686

net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for 1 sendto and 2 recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copyfromiter function in the ioviter interface, as demonstrated by the Bluetooth...

CVE-2016-3820

The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mishandles slice numbers, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 28673410...

CVE-2016-3769

The NVIDIA video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28376656...

CVE-2016-2505

mpeg2ts/ATSParser.cpp in libstagefright in mediaserver in Android 6.x before 2016-07-01 does not validate a certain section length, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 28333006...

CVE-2016-3771

The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29007611 and MediaTek internal bug ALPS02703102...

CVE-2016-3775

The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X, Nexus 6, Nexus 6P, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28588279...

CVE-2016-2067

drivers/gpu/msm/kgsl.c in the MSM graphics driver aka GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, mishandles the KGSLMEMFLAGSGPUREADONLY flag, which allows attackers to gain privileges by leveraging...

CVE-2016-2507

Integer overflow in codecs/on2/h264dec/source/h264bsdstorage.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a...

CVE-2016-3774

The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008609 and MediaTek internal bug ALPS02703102...

CVE-2015-8816

The hubactivate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service invalid memory access and system crash or possibly have unspecified other impact ...

CVE-2016-3742

decoder/ih264dprocessintramb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 28165659...

CVE-2016-2508

media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate certain track data, which allows remote attackers to execute arbitrary code or cause a denial of service memory...

CVE-2016-3741

The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 28165661...

CVE-2016-3773

The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008363 and MediaTek internal bug ALPS02703102...

CVE-2016-3772

The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008188 and MediaTek internal bug ALPS02703102...

CVE-2016-2506

DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a...

CVE-2015-8892

platform/msmshared/bootverifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug 28822807 and Qualcomm internal bug CR902998...

CVE-2016-3743

decoder/ih264dapi.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 27907656...

CVE-2014-9794

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0973. Reason: This candidate is a reservation duplicate of CVE-2014-0973. Notes: All CVE users should reference CVE-2014-0973 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...